supply chain risk and reward - APICS [PDF]

supply chain. By Scott G. Stephenson. Discover the key elements of a comprehensive supply chain risk management strategy

68 downloads 20 Views 3MB Size

Recommend Stories


The APICS Certified Supply Chain Professional (CSCP)
When you do things from your soul, you feel a river moving in you, a joy. Rumi

[PDF] Supply Chain Management
Open your mouth only if what you are going to say is more beautiful than the silience. BUDDHA

Risk & Reward
You have survived, EVERY SINGLE bad day so far. Anonymous

AND SUPPLY CHAIN MANAGEMENT
What you seek is seeking you. Rumi

[PDF] Logistics Supply Chain Management
I tried to make sense of the Four Books, until love arrived, and it all became a single syllable. Yunus

Ethics and the Supply Chain Ethics and the Supply Chain
Be grateful for whoever comes, because each has been sent as a guide from beyond. Rumi

Online PDF Purchasing and Supply Chain Management
Knock, And He'll open the door. Vanish, And He'll make you shine like the sun. Fall, And He'll raise

managing risk in the pharmaceutical supply chain
Don’t grieve. Anything you lose comes round in another form. Rumi

Supply Chain Risk Management in der Industrie
Your big opportunity may be right where you are now. Napoleon Hill

olap solution for supply chain risk management
Where there is ruin, there is hope for a treasure. Rumi

Idea Transcript


APICS INSIGHTS AND INNOVATIONS

SUPPLY CHAIN RISK AND REWARD MEASURING RISK IN YOUR SUPPLY CHAIN

APICS INSIGHTS AND INNOVATIONS

ABOUT THIS REPORT APICS conducted a survey to examine practices, procedures and plans in risk management across the supply chain. The survey was designed to provide a closer look at real-world risk management practices. This report looks beyond the survey results and provide guidelines designed to help advance your organization’s risk measurement, management and risk reward analysis. APICS Research Reports are based on practitioner surveys that explore trending topics in supply chain and operations management. They include survey results, analysis, tips and best practices to keep you and your organization informed of insights and innovations in supply chain and operations management. This report was developed by APICS Supply Chain Council, an organization that advances supply chain and operations management and innovation through research, education, and publications.  APICS SCC maintains the Supply Chain Operations Reference (SCOR) model, the supply chain management community’s most widely accepted framework for evaluating and comparing supply chain activities and performance. For more information, visit apicsscc.org. APICS SCC research reports are based on practitioner surveys that explore trending topics in supply chain and operations management. They include survey results, analysis, tips and best practices to keep you and your organization informed of insights and innovations in supply chain and operations management.

SUPPLY CHAIN RISK AND REWARD MEASURING RISK IN YOUR SUPPLY CHAIN TABLE OF CONTENTS Executive Summary APICS Research

5 50

Perspectives from APICS Magazine Assets, Liabilities and Risk 20 Using smarter logistics to protect the modern supply chain By Scott G. Stephenson Discover the key elements of a comprehensive supply chain risk management strategy.

Perceptions of Peril 26 Evaluating risk management in supply chains By Richard E. Crandall, Ph.D., CFPIM, CIRM, CSCP Explore risk managment research and paradigms, actions to mitigate or prevent risk disruptions, the need for risk strategy, building confidence through collaboration and more.

Your Company Is Vulnerable How to achieve top business security

39

By Philip E. Quigley, CFPIM, PMP Find out more about how to guard against system break-ins and how operations people must team with IT security professionals to eliminate threats.

Your Resilient Supply Chain Lessons in reducing exposure and mitigating risk

42

By Mohanish Makharia, Gerhard Plenert, Ph.D., and Ramanan Sambukumar Learn about why it’s essential to institutionalize a contingency management team that directs all actions during times of disruption.

SUPPLY CHAIN RISK AND REWARD

3

APICS POINT OF VIEW

SUPPLY CHAIN RISK AND REWARD MEASURING RISK IN YOUR SUPPLY CHAIN

Risk: The APICS Dictionary, 14th Edition, defines Supply Chain Risk as “The variety of possible events and their outcomes that could have a negative effect on the flow of goods, services, funds or information resulting in some level of quantitative or qualitative loss for the supply chain.””

4

APICS INSIGHTS AND INNOVATIONS

EXECUTIVE SUMMARY

Risk is a cost. Reward is the actual or anticipated benefit. And not every reward is worth the risk. This is true everywhere, including supply chains. The goal is to reduce or eliminate the risks that fail to offer adequate rewards through riskreward analysis.

Think of risk-reward analysis as similar to cost-benefit analysis. While risk itself may be unavoidable, there may be choices on the specific risks you have to face based on the design and operation of the supply chain. When analyzing a supply chain risk, ask the following questions: What is the reward for enduring the risk? Is the risk worth the reward? This APICS report provides insights, select articles from APICS Magazine, and four tools that will help you determine supply chain risk and reward at your organization: 1. Risk and Reward Probability and Impact Decision Chart 2. Monte Carlo Simulations 3. Value at Risk 4. Time-to-Recovery: Establishing Recovery Time Objectives and Roadmaps

SUPPLY CHAIN RISK AND REWARD

5

Consider the Related Terms from the APICS Dictionary

Risk acceptance: A decision to take no action to deal with a risk or an inability to format a plan to deal with the risk. Risk avoidance: Changing a plan to eliminate a risk or to protect plan objectives from its impact. Risk register: A report that has summary information on qualitative risk analysis, quantitative risk analysis and risk response planning. This register contains all identified risks and associated details. Risk response plan: A document defining known risks including description, cause, likelihood, costs and proposed responses. It also identifies current status on each risk.

Measuring Risk in Your Supply Chain

In cause and effect terms, enduring a risk creates the opportunity for a reward, but it must be a reward worth having. In terms of risk and reward balance, ask yourself which side has the greatest weight and consequence? When it comes to financial investment, greater risk has the potential to deliver greater reward. A risky supply chain should deliver greater reward over a less risky one. The “market” for determining the worth of the reward and the cost of the risk comes from business unit strategy, competitors and customer demands. A company whose strategy is built on speed and flexibility and that operates a supply chain to match would appear to have a riskier supply chain compared to an organization whose strategy is based on operating with the lowest cost as a priority. Both supply chains value the balance of risk and reward differently. A careful study of business unit strategy or supply chain strategy may reveal a supply chain that endures risks but delivers no worthwhile reward or benefit. This is similar to a product that doesn’t deliver a value equivalent to its price. Avoid these risks when possible. Where this is impossible, ̥̥ Reduce the risk ̥̥ Share or transfer the risk until it presents a better risk-reward balance ̥̥ Increase the reward for enduring the risk Analyzing risk and reward balance, and translating the cost and the benefit of each risk is not often straightforward because the cost of risk and the benefit of reward often move along different timelines.

6

APICS INSIGHTS AND INNOVATIONS

Balancing Risk and Reward Over Time

Assets, tasks, processes or activities that repeat or continue over time tend to operate according to predictable balances of risk and reward. However, they may present the occasional or rare catastrophic risk, a risk that offsets even long periods of reward. Even rare or improbable risks become probable with enough time or repetition. Consider the example of a distribution fire center and fire insurance. Operating a distribution center presents a mix of risks and rewards. The distribution center offers extensive logistic rewards, but requires enduring a number of unavoidable risks, including fire. Paying fire insurance premiums prevents a fire from destroying years of reward. Nevertheless, the rewards of the distribution center must be sufficiently high to offset the cost of the insurance premiums. If the distribution center reward achieves this, then the risk-reward balance of distribution center fire remains weighted on the side of reward. This is a risk worth enduring. Without transferring this risk to an insurance company, even the rare risk of a distribution center fire may not be worth years of reward. There is not yet insurance for every supply chain risk. Or available insurance costs offset expected reward. This means sharing risk, mitigating risk or selfinsuring against risk across the supply chain. Supply chain strategy helps clarify risk and reward worth facing. This means that supply chain risk management must continually investigate and evaluate appropriate risk and reward balances. Because supply chain managers can’t address all risks, they should focus on specific risks, particularly those that have an undesirable risk and reward balance. The APICS Operations Management Body of Knowledge (OMBOK) Framework best practices for risk management entails a three-step process: 1. Identify the sources of potential disruptions. The first step is to assess the types of vulnerability in a supply chain. The focus should be on highly unlikely events that would cause a significant disruption to normal operations, including natural disasters, capacity failures, infrastructure failures, terrorist attacks, supplier failures, labor actions, equipment failures, price volatility, and military and civil conflicts. 2. Assess the potential impact of the risk. Next, quantify the probability and the potential impact of the risk. The assessment depends on the specific incident, but it can be based on factors such as finance, environment, business viability, brand image and reputation, and human lives.

SUPPLY CHAIN RISK AND REWARD

7

3. Develop plans to mitigate the risk. Finally, create a detailed strategy for minimizing the impact of the risk. These strategies can take different forms depending on the nature of the problem.

Examples of Risk Mitigation Strategies Risk

Risk Mitigation Strategy

Transportation failure

Use of redundant vehicles, modes and operators

Supplier failure

Sourcing from multiple suppliers

Climate change, inclement weather

Contingency planning, including alternate sites; insurance

Licensing and regulation issues

Up-front and continuing research; legal advice; compliance

Major quality failure

Careful supplier selection and supplier monitoring

Loss of customers

Innovation of products and services

Theft or vandalism

Insurance; security precautions; knowledge of likely risk; patent protection

Risk and Reward Life Cycle

Risks and rewards may not occur along the same timeline. Risks may be immediate while rewards may take longer to achieve. Many rewards require upfront risk investments. A risk investment is the state of enduring an immediate risk in exchange for a reward. For example, a factory under construction imposes a series of risks such as protecting the building site and equipment already completed during construction, risk of a competitor discovering proprietary production processes by observing the construction before factory walls are built, and completion of necessary supporting infrastructure on time, but does not yet provide a reward for enduring those risks. Over time, the risks will be offset. Rewards created by risk investment often have a life cycle. An aging factory, for example, may begin to present additional new risks but not provide additional new rewards.

8

APICS INSIGHTS AND INNOVATIONS

To evaluate supply chain in this way, focus on major supply chain assets, as well as the repetition of important tasks and processes. Are the risks “risk-lean” for the reward they provide? In other words, are the risks reduced to the lowest level possible, just as lean calls for reducing waste to the lowest level possible, while still delivering what is required? Do they demand the least risk for the most desirable reward? Are the risks volatile? Do the risks tend to vary often or widely or are they steady? Do they tend to create new risks over time, which are not offset by suitable reward? Where are the risks in terms of life cycle? Technology may suddenly render obsolete existing assets and processes by creating new options with a much improved risk and reward balance. Continuing with outdated assets and processes can impose an unfavorable balance compared to competitors. If a risk must be endured and cannot be mitigated, transferred or reduced, then develop greater reward for enduring the risk. If the risk outweighs the reward and increasing the reward is not possible, make sure business unit strategy guides planning and decision making. Also, be sure that senior management is aware of the risk and reward balance. This is common when entering a distant new market. An organization or its supply chain may have to endure risks and losses in the short term in order to create a permanent profitable position in the long term. In this case, the organization or its strategy or senior management may be willing to endure more risk than your supply chain risk management would normally tolerate.

When thinking about risk and reward life cycle, consider the following questions:

For each point in the supply chain, is risk-reward a value-add or the best value?

Is the burden of risk and the benefit of reward spread equally across the supply chain?

SUPPLY CHAIN RISK AND REWARD

9

Risk and Reward Probability and Impact Decision Chart

Evaluate supply chain plans and activities according to their anticipated risks and rewards. Results may suggest altering the plan or activity, or not implementing them. For a given plan or activity add up its expected risk probability and impact over time. Then add its expected probability of reward and impact over time. Subtract the risk total from the reward total. Risk condition

Risk probability and impact Score 1-10

Reward probability and impact Score 1-10

Net balance

Move to new production processes

Change management process fails = 4 Impact = 10 Score 24

Greater productivity achieved = 7 Impact = 10 Score 17

A difference of +3 indicates that the risk is worth the reward.

Eliminate one distributor partner

Service levels falll unacceptably = 6 Impact = 8 Score 14

Net expenses fall = 5 Impact = 8 Score 13

A difference of -1 indicates you should mitigate or transfer risk where possible.

Add new supplier

Additional supply complexity = 9 Impact = 2 Score 11

More supply diversity = 10 Impact = 1 Score 11

A difference of 0 is neutral

Outsource production of core

Supply disruption = 5 Impact = 9 Score 14

Free up capacity in current facilities = 8 Impact = 3 Score 11

A difference of -3 indicates that you should consider alternatives to avoid this risk. If impossible to mitigate, then transfer, reduce risk or work to increase the expected reward.

Monte Carlo Simulations

Monte Carlo simulation replicates real-life outcomes by accounting for random variables and revealing the most probable outcomes or consequences of specific actions. This information helps with risk evaluation or decision-making processes. Scenario Suppose a factory is scheduled to close for 10 days of essential maintenance. However, you learn that all the factory maintenance workers are considering a strike. The number of strike days is unpredictable. This means the factory will be closed anywhere from at least 10 days up to 25 days.

10

APICS INSIGHTS AND INNOVATIONS

Consider the following conditions: ̥̥ Imagine that your organization loses 500 scheduled units of production each day the plant is closed beyond day 10. ̥̥ Imagine that your organization loses a customer for every 1,000 units of lost production. ̥̥ How many customers might the organization loose due to the maintenance worker strike? You can use Monte Carlo simulations to explore the ramifications. In a spreadsheet format such as Excel, enter the following information: Cell A1 = 10 + RAND()*15

The spreadsheet displays a random number of days between 10 and 25.

Cell A2 = (A1-10)*500

The spreadsheet calculates the number of lost units at 500 units each day above 10 days.

Cell A3 = (A2)/1000

The spreadsheet calculates the number of lost customers based on lost production for 1,000 or more units.

Recalculate the spreadsheet (press F9 in Excel) several times to display a range of possible lost customers. If you recalculate the spreadsheet many times and record each lost customer value, you can determine an average number of lost customers. If you graph the results, you see how common, rare, likely or unlikely specific lost customer results are. For example, over 45 recalculations you might find an average of three customers lost. If you were to graph the number of lost customers over 45 recalculations, you would see that extremes of either no lost customers or seven lost customers are possible, but are not as likely as other values. It is now easier to anticipate the probable impact of the maintenance worker strike.

Potential customers lost from strike risk 8 7 6 5 4 3 2 1 0 1

3

5

7

9

11

13

15

17

19

21

23

25

27

29

31

33

35

37

39

41

43

45

SUPPLY CHAIN RISK AND REWARD

11

Number of years

15-year distribution of annual portfolio rates of return 8 6 4 2 0

1%

2%

3%

4%

Value at Risk

The concept of Value at Risk (VaR) originated in the financial industry. It seeks to calculate a financial portfolio’s range of most and least probable gains or losses overtime. Extremely high or low portfolio gains and losses are rare but still possible. They represent a best-case or worst-case scenario. More probable are an average level of gains or losses over time. Knowing the expected range of gains and losses enables a financial manager to evaluate or forecast the likely value of a portfolio despite random fluctuations of financial markets. VaR allows one portfolio to be compared to another. Portfolios that are volatile, meaning those that show large swings in value over time, exhibit greater risk than nonvolatile portfolios. If two portfolios provide the same return, but one is more volatile, the more volatile portfolio requires enduring more risk for the same return. Its balance of risk and reward is not as favorable. VaR calculations may use actual historical values, calculation of standard deviation, or Monte Carlo simulation. For example, a portfolio with an average 2.5 percent annual gain over 15 years may show the following “bell shaped” distribution of gains, with the top of the “bell” representing the most common value. VaR can serve supply chain risk management. Instead of the range of returns of a portfolio, VaR can calculate and compare the relative value of supply chain partners in terms of their performance and reliability. How? Suppose your organization values good supplier delivery performance. Yet with every supply chain partner or supplier there is the risk of delivery underperformance. Suppose your organization also values low cost suppliers. However, low-cost suppliers have worse delivery performance than high-cost suppliers. In terms of delivery performance, VaR enables comparison of the risk of underperformance between suppliers. This helps determine an optimal risk and reward balance among such suppliers.

12

APICS INSIGHTS AND INNOVATIONS

5%

6%

Supplier 1: history of delivery performance

Supplier 2: history of delivery performance

25% Probability of getting less than what we require

50% 15%

Probability of getting exactly what we require

Probability of getting less than what we require

5% 85%

10%

Probability of getting exactly what we require

10% chance of 70% delivery performance

chance of 90% delivery performance

chance of 80% delivery performance

chance of 100% delivery performance

Is a riskier supplier worth the reward of lower cost? Suppose your organization completed a study of supply chain supplier delivery performance over the last three years. Over many orders, the study showed the probability of varying levels of delivery performance for two suppliers: Supplier 1 and Supplier 2.

What is this supplier worth in terms of VaR? Convert these statements of probability into score values.

1. For example, 10 percent chance of 70 percent delivery performance converts to to .1 multiplied by (100 - 70). Simplified, this is the same as .1(30). The final result equals three. Therefore, the probability expression “10 percent chance of 70 percent delivery performance” is equal to three. Repeat the same process for all the probability expressions where we get less than what we require. For example, VaR= .1(100 - 70) + .15(100 - 80) + .25(100 - 90) = 3 + 3 + 2.5 = 8.5. Supplier 1 has a VaR delivery risk score of 8.5. How does Supplier 1 compare to Supplier 2? 2. As before, convert the expressions to VaR expressions and calculate the VaR delivery risk value. VaR = 0(100 - 70) + .05(100 - 80) + .10(100 - 90) = 0 + 1 + 1 = 2. Supplier 2 has a VaR score of two. The lower value is better. If both Supplier 1 and 2 were equal in every other way (price, quality, services) Supplier 2 presents better delivery performance risk than Supplier 1.

SUPPLY CHAIN RISK AND REWARD

13

Time-to-Recovery: Establishing Recovery Time Objectives and Roadmaps

The earlier sections of this report address evaluating risk and reward, but these evaluations do not address how to optimize responsiveness when a supply chain risk event or disruption occurs. The business continuity field developed the concept of a recovery time objective (RTO). From a supply chain risk perspective RTOs set the duration of time (and service level) that a disrupted supply chain operation must be restored in to prevent unacceptable consequences in supply chain continuity. Ideally, RTOs are based on current analysis and the practical, realworld capability of the supply chain. RTOs combined with a recovery roadmap of anticipated tasks create an actionable time-to-recovery resource. Risks that are reasonably probable and require lengthy RTOs, particularly RTOs exceeding the time before unacceptable supply chain consequences develop, demand careful attention of the supply chain risk manager by developing supply chain RTOs and related recovery roadmaps. RTOs call for a rapid and efficient use of time once a risk condition or disruption develops. Given the urgency, complexity and variability of supply chain risks, RTOs and roadmaps may vary greatly.

The Four Ds of Duration

An RTO and recovery roadmap should account for the following four phases: 1. Detect the actual risk condition - the first symptom may not reveal the actual risk condition. 2. Develop a response—tailor and prioritize responses to the risk and its causes and disruptions. 3. Deploy the response—execute the response in the challenging conditions the risk. 4. Determine the effectiveness—measure actual reduction of the risk condition and its disruptions, not merely reduction of immediate symptoms.

Detect

Early detection of risk requires making risk indicators visible through regularly observed metrics, alarms, triggers, and constant comparison of optimal non-risk states to present supply chains. Hard risk is a risk that is measurable or quantifiable. Hard risk often includes risks such as damage or destruction to physical assets and can be measured or calculated. Soft risk is a risk that is difficult to measure or quantify. Soft risks occupy the intangible domain of the supply chain, such as

14

APICS INSIGHTS AND INNOVATIONS

leadership strength, quality of relationships, trust or information sharing. An example of soft risk is a supplier that has taken on greater debt levels. This may be for good or bad reasons (good might be borrowing to fund a new factory, and bad might be to finance poor management) but increasing debt does make claims on the future earnings of the supplier. The repayment of debt may one day begin to claim capital needed to provide good service. It is not easy to measure this risk as new debt may enable capacity and technology to grow revenue well beyond the costs of repayment and provide increasingly good service. A key practice of early risk detection is continuous analysis of supply chain soft risks, such as declining communication, weak relationships, and incomplete or late information flow. Many supply chain disruption risks become worse, require more effort to recover from, or are more probable when soft risks increase. If soft risks continually increase, address soft risk directly while increasing risk detection of the hard risk conditions they may bring. For example, a supplier that has become less responsive to your communication and relationship efforts may be starting to face financial pressures that impact hard risks related to quality or delivery.

Develop

Developing a response requires first an accurate determination of the cause of the risk condition, as well as prioritization of the effort needed to swiftly address the risk condition and return to the pre-risk state. Across a supply chain, complex risks may present a variety of symptoms that may not obviously suggest the cause of the risk. Build a reliable base of information, confirm with stakeholders the conditions they seek, and ask ‘the five whys’ to confirm causes. According to the APICS Dictionary, 14th Edition, “the common practice in total quality management is to ask ‘why’ five times when confronted with a problem. By the time the answer to the fifth ´why” is found, the ultimate cause of the problem is identified.” Developing a response tailored to the risk rather than reacting to it can be critical to containing the risk condition.

Deploy

Successful rapid deployment of a risk response condition requires high levels of communication, coordination, information sharing and flexibility. Yet people tend to respond to risk conditions with slow, confused or unproductive action even in the face of obvious problems and solutions. The reason is that risk conditions create unfamiliar circumstances and in turn, call for unfamiliar actions. Staff and partners across a supply chain wonder: Do I have the authority? Am I making matters worse? What if I am blamed for something that goes wrong?

SUPPLY CHAIN RISK AND REWARD

15

Deployment should account for human nature with clear direction, authority and leadership across the supply chain. Don’t count on these attributes developing by themselves during the risk condition. Define, document and secure agreement in advance by working out optimal deployment agreement for categories of probable risk conditions and disruptions that would have significant impact to your supply chain. Examples of categories might include natural disasters, financial crisis, significant loss of information or information technology capability, product or service liability crisis, significant asset theft and more.

Determine

Determining the effectiveness of the response is a discovery process that operates first as parallel with the deployment of the risk response, and later during post-mortem, lessons-learned phase once the risk condition has passed. This phase requires communication, coordination and information sharing. As deployment proceeds, ask immediate questions of team members: is the wrong RTO and recovery roadmap in use? Is the recovery roadmap impeded by any unexpected challenges? Are we still discovering new risk conditions that complicate an effective recovery? Is recovery taking more time than the RTOs permit? During the later post risk condition phase, ask questions: ̥̥ What were our strengths? ̥̥ What weaknesses should be strengths? ̥̥ Where did we make the risk worse? ̥̥ How could we have shortened the duration of the four phases as the risk condition occurred? To minimize the duration of each of these phases begin by sharing supply chain risk plans across the supply chain. Ask for your partners for supply chain risk plans and share your own. Determine RTOs for common risks jointly. Are there ways to develop faster detection of risk conditions or to develop and deploy solutions? Follow up these questions with joint determination of effectiveness during the risk and after the risk condition. Work out RTOs and recovery roadmaps in advance by anticipating the time required to detect, develop, deploy and determine. Practices mock drills or scenarios. Evaluate and update as risk conditions and risk management capabilities change across the supply chain.

16

APICS INSIGHTS AND INNOVATIONS

Risk and Reward Best Practices

Take the following steps to implement risk management at your organization: Know your business unit and supply chain strategy. Stay knowledgeable about how much risk is manageable in your physical, operational and information technology domains. Know what risks would have the most damage. Another source of risk is a supply chain suffering from poor strategic alignment. Supply chain strategy helps determine risk levels by defining the best alignment of supply chain partners, practices, assets and performance for the current and future needs of an organization. Maintain and build relationships to facilitate easy networking across the supply chain. Share your supply chain risk and reward evaluations. Are they shared across the supply chain? Where are perspectives different? Account for hard and soft risk as well as hard and soft reward. Soft risk is risk that is difficult to measure or quantify. Examples of soft risk might include losing top management leadership, failing relationships or unfavorable market trends. It may be difficult to quantify what losses or disruptions might occur. In contrast, a hard risk could be a fire at a warehouse. It is possible to delineate fire-related losses or disruptions in terms of lost inventory, expenses or recovery costs. Reward also comes in hard and soft formats. Hard rewards, such as greater production, lower costs or managing the smallest inventory that still gets the job done are measurable. Soft rewards are harder to measure. For example, an improving reputation or level of trust among supply chain partners may be difficult to quantify, but it is a desirable reward nonetheless. Keep the balance of risk and reward current over time. Trends, technologies, competitor actions and newly discovered risks and rewards may change the balance over time. Gather perspectives from a variety of sources, including buyers/planners, schedulers, material managers and supply chain managers. Where do they see the most risk? Where do they see the most reward? Of the risks facing the supply chain, what do they see as probable or improbable from their perspective? Knowing why they answer the way they do will help capture insight and lead to innovation.

SUPPLY CHAIN RISK AND REWARD

17

18

APICS INSIGHTS AND INNOVATIONS

PERSPECTIVES FROM APICS MAGAZINE APICS magazine is an award-winning publication featuring innovative ideas and real-world strategies for inventory, materials, production and supply chain management; planning and scheduling; purchasing; logistics; warehousing; transportation and logistics; and more. Visit apics.org/magazine to view current and archived issues and to learn more about the magazine.

SUPPLY CHAIN RISK AND REWARD

19

ASSETS, LIABILITIES AND RISK

Using smarter logistics to protect the modern supply chain By Scott G. Stephenson

20

APICS INSIGHTS AND INNOVATIONS

In the last decade, inventories have become leaner and businesses across many industry sectors more globalized. Executives, supply chain and operations management professionals and risk managers alike face the daunting task of reevaluating supply chain risk. It is no longer sufficient to view the supply chain as a set of tangible assets and related liabilities to be insured. Rather, the increased exposure across all operations of the organization requires leaders to adopt a holistic risk management program that focuses on efficiency as well as risk to both tangible and intangible assets. A comprehensive supply chain risk management strategy is a key component to protecting the most valuable assets of any successful business. Effective risk management goes beyond the supply chain to all major operations of the organization – embedding risk awareness into every function, including the C-suite and department managers. Risk management techniques also must be embedded into mission critical points along the operational network of the supply chain. Such techniques allow supply chain managers to make better decisions, balancing the competing priorities of cost effectiveness and minimizing exposure to enterprise-wide risk.

Effective disruption mitigation requires thorough risk analysis at each origin, intermediary point and transportation link. In the past, many sourcing decisions were based on risk adjustment. For example, a low-cost vendor—who may be less reliable, but cheaper than a more dependable competitor—is normalized in terms of its true cost to the organization.

When taken on an individual basis, such decisions seem to have little impact. But in the aggregate, they may have critical consequences. Through a holistic risk management model, supply chain managers empowered to apply risk metrics will make better choices. By mitigating risk significantly, they will enhance reliability, driving down actual costs. To that end, the primary goals of an effective supply chain risk management strategy are: ̥̥ To recognize and prioritize vital business components ̥̥ To chart the full supply chain, highlighting interdependencies ̥̥ To uncover areas along the supply chain where disruption will lead to failure

SUPPLY CHAIN RISK AND REWARD

21

One of the primary concerns among supply chain professionals and risk managers alike is disruption in the supply chain. A breakdown in production and and delivery will lead to lost sales, decreased revenue, margin erosion, profit loss, and—perhaps most importantly—damage to the reputation of the business. Effective disruption mitigation requires thorough risk analysis at each origin, intermediary point and transportation link. This enables professionals to see all areas of potential harm and determine how best to allocate resources to protect against vulnerabilities. A thorough assessment requires supply chain managers to work closely with partners and corporate compliance professionals to improve collaboration, develop a risk mitigation plan and establish a contingency protocol across the network. First, it’s important to recognize where the company’s supply network begins. For example, say an organization has a factory in Taiwan, but that factory sources raw materials from vendors in Argentina, India and the United States. At each of these locations, supply chain managers need to determine who controls the origin points within the chain and whether those locations are secure. Key questions to ask include: ̥̥ What is your relationship with your supply chain partner? ̥̥ Are the people there familiar with your risk assessment objectives? ̥̥ Are they willing to work with you to identify and mitigate disruptive risks? ̥̥ Can the partner play a role in your contingency plan? ̥̥ Are sufficient security protocols in place at the facility? ̥̥ Is the facility in compliance with all government regulations? ̥̥ Are its products in compliance with environmental health and safety regulations? ̥̥ Are there labor concerns or unrest at the facility? ̥̥ Is the facility financially stable and physically capable of production to required capacity? ̥̥ Is the facility in an area prone to natural disasters or political upheaval?

22

APICS INSIGHTS AND INNOVATIONS

The Vulnerability of Intermediate Points

Risk assessment doesn’t begin and end at origin points. Supply chain and risk managers also must consider the risks associated with each intermediary and throughput location, as well as the logistics operations that connect them all. Intermediary locations can include distribution centers, warehouses, port terminals, cross-dock operations, container freight stations, trans-load facilities, rail terminals, truck stops and rest areas. As with suppliers and origin locations, supply chain managers should identify who controls operations at each intermediary point in the supply chain and determine if those relationships require a new level of interaction and collaboration. They also should ask logistics providers for detailed information regarding efforts to lessen the potential for disruptive risks. Other questions to consider when evaluating a logistics provider include the following: ̥̥ How has the global recession affected the logistics provider’s business? ̥̥ Does the company have a realistic plan to address the changing business environment? ̥̥ Are leaders willing to collaborate and participate in your risk mitigation plan? Additionally, disruptive risk may vary from one intermediary point to another depending on the nature and location of the operation. If the organization has a major shipping hub based in a country experiencing significant political turmoil, concerns surrounding port security and congestion may necessitate a contingency plan for the area. Volume flexibility is another issue to consider, especially if distribution centers hinder processes as volume increases. Intermediary points on the supply chain also are vulnerable to one of the oldest and most prevalent disruptive risks—cargo theft. Although precise statistics are difficult to obtain, it’s estimated that cargo theft costs the US economy billions of dollars each year. To help protect against this significant threat, organizations should select logistics providers that incorporate security protocols at their facilities such as on-site guard personnel, alarm systems, infrared surveillance equipment and advanced-access control systems. Additionally, organizations should invest in logistics providers and trucking companies that commit to best practices in security. These companies ̥̥ Run annual background checks on all drivers ̥̥ Ensure trucks arrive at facilities for pickup fully fueled

SUPPLY CHAIN RISK AND REWARD

23

̥̥ Require drivers to travel a minimum of 200 miles after accepting a load before stopping ̥̥ Insist vehicles are not left unattended or in unsecured locations ̥̥ Lock doors and keep windows up when traveling at low speeds ̥̥ Deploy their own hardened padlocks to trailer doors to augment the shipper’s security seal ̥̥ Mandate that drivers carry vehicle information and identification at all times ̥̥ Have drivers contact authorities and the organization’s supply chain manager in the event of a theft Developing and maintaining a reliable supply chain is vital to the success of any business, particularly in today’s global business landscape. The aforementioned techniques and applications enable supply chain and risk managers to work together to identify and mitigate the risk of disruption along all points of the supply chain. As sophisticated technologies, including predictive modeling and weather intelligence continue to evolve, organizations that adopt these tools will be well positioned not only to protect their most valuable assets, but also to gain—and maintain—competitive advantage.

What Can Predictive Analytics Do?

Analytics and business intelligence software have been used in supply chain and operations management for some time. Traditionally, these tools examined relatively stagnant data sources, such as where materials were obtained or trends in customer demand. But the advent of more sophisticated technologies and computing power is transforming the industry. Forward-thinking organizations now are leveraging modern predictive analytics tools and moving beyond conventional reporting to recognize key trends and patterns all along the supply chain, particularly in the area of supply chain risk management. Major catastrophes in recent years, such as Hurricane Katrina, flooding in Thailand and the earthquake and tsunami in Japan, all illustrate the devastating effect disasters can have on today’s global supply chains. One way of protecting against the significant and likely costly effects of such events is employing analytics, including innovative weather intelligence tools, to create a more efficient supply chain while improving customer service. These tools enable supply chain executives to anticipate changes to supply and demand and take

24

APICS INSIGHTS AND INNOVATIONS

appropriate actions in advance, such as rerouting shipments and ensuring product availability. Analytics can be used to alert supply chain and operations management professionals to major issues across the supply chain. Through predictive algorithms, an alert can be sent if significant changes occur at a supplier, such as dwindling material, for example. Further, analytics can be leveraged to measure supply chain efficiency and performance against industry benchmarks, including lean six sigma and the Supply Chain Council’s SCOR model. Cargo theft often is perpetrated by groups that tend to operate in the same general areas, such as certain roads and truck stops. Predictive analytics can help companies plan safe routes for the transport of goods from origin to destination by applying predictive models to historical cargo theft data to keep goods and drivers secure. Analytics tools also can help manage environmental health and safety (EH&S) regulatory compliance across supply chains and product life cycles. When a company incorporates disparate sources of EH&S data throughout its business units, it can prevent a comprehensive view of trends. Analytics can bring about a heightened focus on EH&S compliance and sustainability. For example, EH&S analytics tools can offer visibility into product inventories within the enterprise, as well as at upstream suppliers and downstream partners. The resulting business intelligence enables EH&S professionals to more effectively manage the full spectrum of product stewardship and workplace safety regulatory requirements. Scott G. Stephenson is president and chief operating officer of Verisk Analytics, which provides risk information from diverse industries including insurance, health care, mortgage, government and supply chain and operations management.

SUPPLY CHAIN RISK AND REWARD

25

PERCEPTIONS OF PERIL Evaluating risk management in supply chains By Richard E. Crandall, Ph.D., CFPIM, CIRM, CSCP

26

APICS INSIGHTS AND INNOVATIONS

Supply chain risk management has become a concern for all types of organizations. As businesses move to loosely coupled networks of customers and suppliers spread over wide geographic areas and diverse business environments, the likelihood of potential disruptions increases. Organization leaders have a responsibility to manage these risks and minimize the negative effects. However, as reported in a recent APICS study, “Supply chain risk management is still at an early stage of maturity and … there are gaps at the organizational management level and the supply chain and operations management level” (APICS 2011). The study found that 72 percent of organizations do not have a risk management role or position, and almost one-third have practiced risk management for no more than five years. Another survey found that 85 percent of surveyed companies suffered at least one supply chain disruption during 2011, with the following being the major causes: adverse weather (51 percent), unplanned information technology or telecommunications outage (41 percent), transport network disruption (21 percent), and earthquake or tsunami (21 percent) (Veysey 2011).

General Categories of Risk

The number of articles on risk management has increased rapidly over the past decade, which is typical of new programs. The literature provides a variety of discussions about risk management in supply chains. Writers present specific, but somewhat limited, snapshots of the total supply chain risk management mosaic. Spekman and Davis (2004) looked at the dimensions of risk, which included ̥̥ Flow of goods and services ̥̥ Flow of information ̥̥ Flow of money ̥̥ Security of internal information systems ̥̥ Risks with relationships forged among supply chain partners ̥̥ Corporate social responsibility and the extent to which supply chain members’ reputations and images can be tainted by actions of another member engaging in improper activities

SUPPLY CHAIN RISK AND REWARD

27

Table 1: Risk strategies and characteristics Strategy

Result

Characteristics

Low risk importance and low risk probability

Disintermediation

̥̥ Nonessential substitutable products ̥̥ Many potential suppliers with little variation in capabilities ̥̥ Product specifications that are easy to develop

Low risk importance and high risk probability

Re-intermediation

̥̥ Nonessential substitutable products ̥̥ Many potential suppliers with difference in capabilities ̥̥ Product specifications that are moderately easy to develop

High risk importance and low risk probability

Strategic diversification

̥̥ Essential differentiated products ̥̥ Many potential suppliers with similar capabilities ̥̥ Product specifications easy to develop

High risk importance and high risk probability

Relationship development

̥̥ Essential differentiated products ̥̥ Many potential suppliers with variation in capabilities ̥̥ Supplier capabilities that are difficult to assess ̥̥ Product specifications that are difficult to develop

At about the same time, Cavinato (2004) identified risks and uncertainties in supply chains as ̥̥ Physical—the actual movements and flows within and between firms ̥̥ Financial—the flows of cash between organizations ̥̥ Informational—the processes and electronic systems, data movement, access to key information, and capture and use of data ̥̥ Relational—the appropriate relationships between a supplier, the organization and its customers for maximum benefit ̥̥ Innovative—the processes and linkages across the firm, its customers and its suppliers, as well as resource parties for discovering and bringing to market product, service and process opportunities Supply risks. George A. Zsidisin (2003) organized risks in supply chains in a classification scheme that considers elements along the supply chain: the internal product, the market and suppliers. He included three types of supply risks—item, market and supplier characteristics—and compared how they are affected by higher- and lower perceived risk. Hunter et al. (2004) examined the importance and probability of risk. They extracted strategies as shown in Table 1.

28

APICS INSIGHTS AND INNOVATIONS

Table 2: Potential risks in new product development Level of risk Critical

High

Medium

Low

Very low

Types of risks ̥̥ Product proposition does not meet customer needs ̥̥ Space planning fails to drive profit ̥̥ Quality fails to meet standards ̥̥ Supply base strategy is inappropriate ̥̥ New product results in loss of leadership ̥̥ Poor availability due to internal planning ̥̥ Store environment fails to attract new customers ̥̥ Unsuccessful at attracting and retaining the right employees ̥̥ Poor acceptance of corporate brand ̥̥ Communication efforts do not attract target customers ̥̥ Supplier cost savings not achieved ̥̥ Poor supplier performance ̥̥ Inappropriate and inadequate training for sales teams ̥̥ Competitors copy products and sell at a lower price ̥̥ Market doesn’t accept target price ̥̥ Information technology system doesn’t provide adequate management information ̥̥ New selling channels not attaining anticipated reach

New product development risks. While creating new products is usually viewed as an opportunity to enhance a company’s competitive position, it also carries with it a number of risks, as shown in Table 2 (Khan, Christopher and Burnes 2008). Outsourcing risks. Kremic (2006) compiled a list of risks that could result from outsourcing activities, which include ̥̥ Unrealized savings or hidden costs ̥̥ Less flexibility ̥̥ Poor contract or poor selection of partner ̥̥ Loss of knowledge, skills or corporate memory ̥̥ Loss of control of core competencies ̥̥ Power shifts to suppliers

SUPPLY CHAIN RISK AND REWARD

29

Table 3: Evolution of Risk Management Old paradigms of risk

New paradigms of risk

̥̥ Ad hoc activity ̥̥ Treasury, audit, and controllership functions ̥̥ Risks hidden in silos ̥̥ Risk management prevents bad things ̥̥ Enterprise resource management is a consultant’s program ̥̥ No return on investment in risk management

̥̥ Continuous activity imbued in culture ̥̥ All management, especially accountants ̥̥ Risk discussed cross-functionally ̥̥ Risk management creates opportunities ̥̥ Enterprise resource management is a business imperative ̥̥ Positive return on investment in risk management

̥̥ Supplier problems (poor performance or bad relations, opportunistic behavior, not giving access to best talent or technology and so on) ̥̥ Loss of customers, opportunities or reputation ̥̥ Uncertainty or changing environment ̥̥ Poor morale or other employee issues Turbulent environments risks. In an expanded perspective of supply chain risks, Trkman and McCormack (2009) developed the following classification scheme. Supplier attributes include financial performance, human resource factors, operational factors, culture and relationship factors. Supply chain strategy and structure involves supply chain type (lean, agile or hybrid), supplier types, business structure and geographic location. Endogenous uncertainty encompasses market turbulence, new products, price sensitivity, level of competition, demand swings, new customers versus repeat, and technology turbulence. And exogenous uncertainty deals with continuous items (interest rates, gross domestic product, commodity prices and the like) and discrete events (such as terrorism, disasters and strikes).

Risk Management Paradigms

That risk management is becoming more important in most organizations is exemplified in an article in Strategic Finance, the journal for management accounting. The author summarized the difference between traditional financial risks and contemporary business risks. (See Table 3.) The involvement of management accountants in risk management should help integrate the allocation of the necessary resources to prevent or mitigate risks, with operations management formulating their identification and strategy. The variety of risk categories described shows the wide range of risks in supply chains.

30

APICS INSIGHTS AND INNOVATIONS

Actions to Mitigate or Prevent Risk Disruptions

There are also myriad actions to mitigate or prevent risk disruptions. Matching mitigation strategies with category of risk. In addition to identifying types of risks, it is important to develop some actions to prevent or mitigate the extent of the risk effect. Chopra and Sodhi (2004) explained this as follows: ̥̥ Disruptions—driven by natural disaster, labor dispute, supplier bankruptcy, war, terrorism, or dependency on a single source of supply ̥̥ Delays—resulting from high capacity use at the supplier, inflexibility of supply source, poor quality or yield, excessive handling at border crossings, or change in transportation modes ̥̥ Systems—caused by breakdown of information infrastructure, system integration or extensive systems networking or e-commerce ̥̥ Forecast—due to inaccurate forecasts as a result of long lead times, seasonality, product variety, short life cycles, small customer base or information distortion ̥̥ Intellectual property—driven by vertical integration of supply chain and global outsourcing and markets ̥̥ Procurement—the result of exchange rate risk, percentage of a key component from a single source, industry-wide capacity constraint and length of contracts ̥̥ Receivables—affected by the number of customers and financial strength of customers ̥̥ Inventory – because of the rate of product obsolescence, inventory holding cost, product value, and demand and supply uncertainty ̥̥ Capacity—resulting from cost of capacity and capacity flexibility The authors recommend that companies use stress testing to understand and prioritize supply chain risks. This involves what-if scenarios that enable people to focus on the supply chain one link at a time and identify possible disruptions. As a result of the analysis, companies will be better able to design mitigation responses should the disruption occur.

SUPPLY CHAIN RISK AND REWARD

31

Chopra and Sodhi also identified a number of strategies to mitigate the effects of risks: ̥̥ Increase capacity. Focus on low-cost, decentralized capacity for predictable demand; build centralized capacity for unpredictable demand; increase decentralization as cost of capacity drops. ̥̥ Acquire redundant suppliers. Favor more redundant supply for high volume products and less redundancy for low-volume products, and centralize redundancy for low-volume product in a few flexible suppliers. ̥̥ Increase responsiveness. Choose cost over responsiveness for commodity products and responsiveness over cost for short life cycle products. ̥̥ Increase inventory. Decentralize inventory of predictable, lower-value products and centralize inventory of less predictable, highest-value products. ̥̥ Increase flexibility. Support cost over flexibility for predictable, high volume products and flexibility for low-volume, unpredictable products; centralize flexibility in a few locations if it is expensive. ̥̥ Pool or aggregate demand. Increase aggregation as unpredictability grows. ̥̥ Capability. Select capability over cost for high-volume, high-risk products and cost over capability for low value commodity products; centralize high capability in flexible sources if possible.

The Need for Strategy

In one of the early articles about the need to develop stronger supply management, Peter Kraljic (1983) outlined an approach to shaping the supply strategy. Phase 1. Classification of purchased items:

̥̥ Strategic (high profit impact, high supply risk) ̥̥ Bottleneck (low profit impact, high supply risk) ̥̥ Leverage (high profit impact, low supply risk) ̥̥ Noncritical (low profit impact, low supply risk)

32

APICS INSIGHTS AND INNOVATIONS

Phase 2. Market analysis: ̥̥ The company compares its own bargaining power with that of its suppliers by assessing the supply market, the availability of strategic materials, and the relative strengths of existing suppliers. Phase 3. Strategic positioning: ̥̥ Consider the areas of strengths and vulnerability, using the following strategies: ̥̥ Where the company is stronger than its suppliers, exploit that strength. ̥̥ Where the suppliers are stronger than the company, diversify supplier base. ̥̥ Where the company is equal to its suppliers, balance the relationship. Phase 4. Action plan: ̥̥ Based on the foregoing analysis, a company should develop strategies for dealing with volume, price, contractual coverage, new suppliers, inventories, production, substitution, value engineering and logistics. Kraljic cautions: “Few companies today can allow purchasing to be managed in isolation from the other elements of their overall business systems. Greater integration, stronger cross-functional relations, and more top-management involvement are all necessary.” While he was writing before the surge of interest in supply chains, it is apparent that he anticipated the evolution from an internally focused procurement to an external dependence on widespread supply partners.

Building Confidence Through Collaboration

Spekman and Davis (2004) stressed the need for trust building among supply chain partners to reduce risk. Christopher and Lee (2004) echo this theme and point out that lack of confidence can lead companies into a risk spiral, where the risk increases and confidence erodes. With increa;sed confidence, companies are able to substitute information for inventory, thereby reducing costs and creating a positive reduced risk spiral.

SUPPLY CHAIN RISK AND REWARD

33

Figure 1: Frequency and impact of supply chain risks Impact

Medum

Mitigate with preplanned action or with a rapidly devised action based on previous experiences and flexible processes.

Absorb in normal operations or mitigate with preplanned action.

Mitigate with agile response that may require innovation and originality.

Low

Magnitude of frequency or impact

High

Frequency

Internal

External Source of supply chain disruption

Perception Versus Reality

Zsidisin and Wagner (2010) ask: Do perceptions become reality? They believe operations managers have a good understanding of risks and their potential impact on the business. If managers perceive risks exist, they are likely to take actions to prevent or minimize the impact if those risks actually occur. If they take appropriate action, the negative impact of the risks will be reduced. The authors write: “Understanding the source of risk is important for creating a tailored strategy for reducing the occurrence of supply disruptions, such as the use of flexibility in order to create resiliency from risk that originates from extended supply chains. When risk stems from forces outside the control of supply chain participants, it is imperative to insulate themselves, at least in the short-term, from the effects of a disruption occurrence by using practices that create redundancy in the supply chain” (Zsidisin and Wagner 2010).

34

APICS INSIGHTS AND INNOVATIONS

Natural

Figure 1 provides an overview of a proposed model. The horizontal axis shows a progression from internal causes on the left to external causes in the center to natural disasters on the right. The vertical axis shows a progression from low impact at the bottom to medium impact in the center to high impact at the top. Internal risks of disruption carry a high frequency of occurrence but a low potential impact. Natural disasters have a very low frequency of occurrence but a very high potential impact. Disruptions from external sources fall somewhere between internal and natural disaster disruptions in both frequency and impact.

Internal risks can be described as follows

Low-impact, high frequency, expected, minor disruptions. In normal operations, more closely linked supply chains are designed to minimize disruptions. However, they may also be the most adversely affected should a disruption occur. If lean production practices are used throughout, there is little buffering with inventory or excess capacity. Therefore, a disruption will have a greater negative impact. Disruptions during normal operations can be identified and planned for; therefore, they should have limited effect on the supply chain’s operation. Medium-impact, moderate frequency, anticipated, moderate disruptions. The introduction of new projects or major events can introduce greater risk. The mandate by Walmart to use radio frequency identification by suppliers introduced disruptions that probably could have been anticipated, but which represented more deliberate planning to accommodate. High-impact, low frequency, low predictability, major disruptions. A final category of risk in supply chains occurs when participants opt to remove themselves from the supply chain. A customer may find another supplier or a supplier may go out of business. Product recalls or noncompliance with government regulations also can represent unanticipated, major disruptions. Operating in an open system environment also presents an array of external supply chain disruptions. While some of these changes can be anticipated, their timing and magnitude often cannot. Their disruptive impact can range from minimal to major. While they represent uncertainty, a firm must consider their potential impact and develop flexible processes in order to cope with their eventuality. Competitors. Competitors introduce new products, change prices, launch major advertising initiatives, and buy suppliers. Operations management professionals should identify the most likely moves by a competitor and plan an appropriate response.

SUPPLY CHAIN RISK AND REWARD

35

Economy. Recent fluctuations in the United States and global economies caused many companies to rethink their strategies about outsourcing, new product launches, investment in added capacity, and other resource-intensive decisions. These are “new normal” times; decisions that worked well during growth periods no longer do. Technology. Technology continues to be a source of progress; unfortunately, it also introduces disruptions in normal supply chain operations. Information technology can be especially disruptive when it introduces major changes in processes and interorganizational communications, such as electronic data interchange on the Internet or cloud computing. Government. Federal governments can change tax incentives for environmentally friendly investment; strengthen the enforcement of product tracking; or require health care insurance for all employees. State or local governments can change the sales tax rate, restrict waste disposal, heighten recycling requirements, or increase incentives for new business startups. Governments move slowly and in somewhat uncertain paths, but their impact can be significant. Environment. The direction and timing of the environmental sustainability movement are uncertain. However, it appears that its impact will be a major opportunity or threat to many establishments. Society. Cultural and generational differences abound. Buying habits, especially in the e-business age, are changing rapidly. Decisions about investments in brick-and-mortar retail stores and malls are brain twisting in their variations. Executives know the future will not be like the past, but are struggling to determine how to use that knowledge.

Natural Disasters

Yuva (2010) provides a summary of natural disasters occurring throughout the world during the last decade, using data from the Center for Research on Epidemiology of Disasters, as shown in Table 4. The total indicates some type of natural disaster occurs on the average daily. While some have greater impact, any could be disruptive to a supply chain. The recent earthquake in Japan and flooding in Thailand and the Philippines are dramatic evidence that these kinds of natural disasters can have a significant effect on supply chains. Firms must be agile enough to quickly adapt to these unpredictable, yet not unexpected, occurrences.

36

APICS INSIGHTS AND INNOVATIONS

Conclusions

Designing and implementing an effective supply chain is difficult, even without the threat of disruptive risks. However, good risk management is a requirement in this age of extended and complex supply chains.

References

1. APICS 2011 Supply Chain Risk Challenges and Practices. 2011. APICS The Association for Operations Management, Chicago. 2. Cavinato, Joseph L. 2004. “Supply chain logistics risks: From the back room to the board room,” International Journal of Physical Distribution & Logistics Management 34 (5), 383. 3. Chopra, Sunil and ManMohan S. Sodhi. 2004. “Managing risk to avoid supply chain breakdown,” MIT Sloan Management Review 46 (1), 53. 4. Christopher, Martin and Hau Lee. 2004. “Mitigating supply chain risk through improved confidence,” International Journal of Physical Distribution & Logistics Management 34 (5), 388. 5. Hillman, Mark (2006). Strategies for managing supply chain risk, Supply Chain Management Review 10 (5), 11. 6. Hunter, Lisa M., Chickery J. Kasouf, Kevin G. Celuch, and Kathryn A. Curry. 2004. “A classification of business-to-business buying decisions: Risk importance and probability as a framework for e-business benefits,” Industrial Marketing Management 33 (2), 145. 7. Khan, Omera, Martin Christopher and Bernard Burnes. 2008. “The impact of product design on supply chain risk: A case study,” International Journal of Physical Distribution & Logistics Management 38 (5), 412. 8. Kraljic, Peter. 1983. “Purchasing must become supply management,” Harvard Business Review 61 (5), 109. 9. Kremic, Tibor, Ova Lcmeli Tukel, and Walter O. Rom. 2006. “Outsourcing decision support: A survey of benefits, risks and decision factors,” Supply Chain Management 11 (6), 467. 10. Spekman, Robert E. and Edward W. Davis. 2004. “Risky business: expanding the discussion on risk and the extended enterprise,” International Journal of Physical Distribution & Logistics Management 34 (5), 414.

SUPPLY CHAIN RISK AND REWARD

37

11. Thomson, Jeffrey C. 2010. “Staying on track in a turnaround,” Strategic Finance December 2010, 43. 12. Trkman, Peter and Kevin McCormack. 2009. “Supply chain risk in turbulent environments—A conceptual model for managing supply chain network risk,” International Journal of Production Economics. 119 (2), 247. 13. Veysey, Sarah. 2011. “Majority of companies suffered supply chain disruption in 2011: Survey,” businessinsurance.com, accessed November 8, 2011. 14. Yuva, John. 2010. “Assess your vulnerability to natural disasters,” Inside Supply Management 21 (9), 28–31. 15. Zsidisin, George A. and Stephan M. Wagner. 2010. “Do perceptions become reality? The moderating role of supply chain resiliency on disruption occurrence,” Journal of Business Logistics 31(2), 1. 16. Zsidisin, George A. 2003. “Managerial perceptions of supply risk,” Journal of Supply Chain Management. 39 (1), 14. Richard E. Crandall, Ph.D., CFPIM, CIRM, CSCP, is a professor at Appalachian State University in Boone, North Carolina. For a free bibliography of more than 60 articles on this subject, contact the author at [email protected].

38

APICS INSIGHTS AND INNOVATIONS

YOUR COMPANY IS VULNERABLE How to achieve top business security By Philip E. Quigley, CFPIM, PMP

SUPPLY CHAIN RISK AND REWARD

39

As I write this department, there has been a series of system break-ins at numerous companies around the world. Sony, Lockheed and others have been embarrassed and liable for these crimes, particularly where sensitive customer and corporate information was involved. Consider the company that uses radio frequency identification to track shipments. This seems like a great way to know where products are as they travel the country. However, it’s also a system that gives many people the opportunity to scan tags and get reports about the company’s products. A recent case in California sounds like a story from an old Western movie. Apparently, there was a gang breaking into railroad cars as trains made their slow climb up into the mountains. The team had insider information on what was being shipped and would drive alongside the train, break into the cars and steal television sets, stereos and computers. What does this mean for operations management professionals? Plenty. After all, we are on the pulse of our company’s systems, and we interface with outsiders. First, involve information technology (IT) security people in your projects from the beginning. They need to understand what you are doing from a business and IT perspective. Security processes must be designed in from the beginning, and that means additional costs. If a project is found to be too expensive then the whole thing may have to be rethought. And it’s better to rethink a project now than have a multimillion-dollar loss due to inadequate security. Sit down with your IT security people and look at the whole system or process you are implementing. Consider it from the bad guys’ perspectives: What would they want to get their hands on, and how could they go about getting it? Would they be able to buy off someone in your company to get information? What are you doing about that? Ask your IT security professionals to figure out a way to hack into your system. Remember, criminals will spend time and money studying your systems to find a way in. Think of them as patiently hunting for a weakness and highly motivated by large rewards. There are many techniques, technologies and processes to increase your security. Integrate them into your systems, then stay current on your applications and embrace new security tools as they come available. To stay ahead of the bad guys, you must be proactive.

40

APICS INSIGHTS AND INNOVATIONS

Ask your IT security professionals to figure out a way to hack into your system.

The dangers are real, and operations people must team with IT security professionals to reduce and minimize the threat. It doesn’t take much to invade a network, and the intruders are smart, stubborn and want their payday. Philip E. Quigley, CFPIM, PMP, is a senior application portfolio manager for Computer Sciences Corporation. He teaches at Chapman University’s Argyros School of Business and Economics and California State University at Fullerton. He may be contacted at [email protected].

SUPPLY CHAIN RISK AND REWARD

41

YOUR RESILIENT SUPPLY CHAIN Lessons in reducing exposure and mitigating risk By Mohanish Makharia, Gerhard Plenert, Ph.D. and Ramanan Sambukumar

42

APICS INSIGHTS AND INNOVATIONS

When designing supply chains, the focus often is on optimal use of resources, offshoring and outsourcing non-value-added activities, institutionalizing Just-in-Time systems, and investing in technology. While these new business models have resulted in more efficient and responsive systems, the supply chain risk profile has been altered significantly. Many corporations are left vulnerable. Caught unaware, even the most successful global organizations can suffer major loss of revenue, market share and consumer trust. Broadly defined, a supply chain disruption is an unusual spike or steep fall in either demand or supply, leading to a vast imbalance. According to Jossi Sheffi, director of the MIT Center for Transportation and Logistics, “The essence of most disruptions is a reduction in capacity and, therefore, inability to meet demand.”

Real-World Response

Cisco rode the technology wave in the 1990s to become the market leader in the network component business. When the tech bubble burst, demand slowed significantly. Cisco did not have the capability to track the inventory of products across its geographically spread supply system. Business leaders had no experience managing a downturn. Systems were designed for high responsiveness and high inventory buffers. Lack of tracking capability resulted in significant inventory accumulation—which, in a bust market, led to the eventual write-down of $2.2 billion in 2001 alone. Based on limited success of prior launches, Apple acted conservatively while launching its PowerBook. But the market received the product well, and Apple was caught with a supply-side shortfall. The company had $1 billion in unfulfilled orders, which resulted in loss of consumer confidence and a huge hit to its stock price. Sumitomo Metal Industries was the sole source of brake shoes for Toyota’s domestic cars in 1995 when the Kobe earthquake struck. Sumitomo’s operations suffered, and Toyota—working with a lean manufacturing system that had no buffers—had to halt production. Toyota lost the opportunity to produce 20,000 cars, costing an estimated $200 million in revenue. Similarly, during Japan’s recent tsunami and nuclear crisis, the automaker had to delay the launch of two models and suffered an estimated production loss of 140,000 vehicles. Following the September 11, 2001, tragedy, Walmart executives noticed a significant increase in the sales of US flags, lapel pins and other patriotic objects. The world’s largest retailer immediately locked up all available supply resources, leaving stores such as Kmart and Target out in the cold.

SUPPLY CHAIN RISK AND REWARD

43

Why do some companies do so much better than others in times of disruption? The answer lies in the ability to detect the disruption and swiftly act upon it. While these events cannot be predicted accurately, their major impacts can be narrowed down to one of five areas, including: ̥̥ Supply failure ̥̥ Manufacturing operations failure ̥̥ Logistics failure ̥̥ Information and technology failure ̥̥ Workforce unavailability While operations and supply chain managers focus on efficiency and responsiveness in traditional “business-as-usual” environments, they should be flexible enough to quickly switch their operation scenarios to adjust for disruptions. A scenario based strategy for disaster proofing with a focus on consequences will not only minimize damage to the bottom line, but also can help score wins over debilitated competitors.

What is a Resilient Supply Chain?

Disruptions happen for various reasons, and the nature and timing of their impacts also fluctuate. A labor union problem can be anticipated, but a terrorist attack is completely unforeseeable. A fire in a factory can halt operations immediately, while the outbreak of an epidemic in a supply zone could have subtle consequences that will take more time to set in. Companies with resilient supply chains—and those that take proactive risk mitigating steps—can anticipate issues more effectively than their peers and delay and minimize the end results. In Figure 1, company B has institutionalized a business continuity plan and invested in visibility systems for early detection of disruptions; company A has not. When a disruption occurs at point T, company B is able to discover it at point B1 and recovers from the disruption rapidly, minimizing the impact. Company A detects the disruption only at point A1 and takes a longer time to recover.

44

APICS INSIGHTS AND INNOVATIONS

Figure 1: Supply chain risk mitigation framework

Business impact (loss of revenue, profitability, or market share)

Stage 1: Business as usual

Stage 3: Business as usual

Stage 2: Recovering from a supply chain disruption

Recovery: Damage control through last line of defense: insurance cover

Agility: Early detection and quick response to minimize damage

Resilience: Proactive supply chain risk mitigation

Effect of swift action as per BCP + effect of capacity and inventory buffers

Effect of visibility systems T

Discovery B1

A1

Recovery B2

Recovery A2

Time Impact of supply chain disruption on organization A, which has no risk mitigation system Impact on organization B, which has mitigated supply chain risk and is continuously monitoring for disruptions

Effective business continuity plans enable users to assess the vulnerability of the company to supplier and manufacturing operations failures, logistics failures, workforce unavailability, and information and technology disruptions. They also help create accurate what-if scenarios and assess the capability to respond to disruption. When creating a business continuity plan, it’s necessary to engineer a clear, actionable contingency plan for failures of any supply chain pillars. Also make sure to identify key thresholds for executing risk-mitigating decisions, such as sourcing from alternate partners, channels, and manufacturing and distribution systems. Disasters that ultimately lead to chaos often result from misaligned company departments and functions. In such situations, centralized decisions based on real-time information from all sources are crucial. It’s essential to institutionalize a contingency management team that will direct all actions during times of disruption. This team must be comprised

SUPPLY CHAIN RISK AND REWARD

45

of senior people who can exercise influence over the various decision makers of the company. Philips was a major supplier of semiconductors to Nokia and Ericsson in 2000 when a fire at a plant in Albuquerque destroyed chips for millions of cell phones. Nokia immediately set up a troubleshooting team to assess the full impact and find alternatives. They rapidly sourced three of the five affected chips from within their existing supplier network, with a five-day lead time. A senior management team also worked out a deal with Philips to help source the remaining two parts. With these efforts, Nokia was able to make all customer shipments in time. Unfortunately, Ericsson took weeks to respond to the situation and, by that time, lost most of the market capacity to Nokia. The impact was devastating for Ericsson, which took a $2.34 billion loss in its mobile phone division, due to not only component shortages, but also a poor product mix and marketing failures.

How to Prepare for Supply Chain Disruptions

In addition to a successful business continuity plan, there are further essential steps to effective risk mitigation. Technology. It’s important to invest in information systems that improve realtime visibility of used and spare capacities and inventory in the entire system— including those of suppliers. Institutionalize supply chain intelligence systems, including exception-event-planning systems designed to discover incidents that cross the threshold of normal operating parameters. Employ the power of social media for early detection of disruptions. Dell, known for its pioneering work in supply chain, uses social media to interact with customers, thus enabling it to improve reaction time and be more responsive to market needs. Flexibility. Standardize components as much as possible to derive aggregation benefits and reduce overall inventory and engineering costs. In a volatile market, attempt to postpone the customization of a product until after receiving the customer order. Identify the next-best alternatives as backups for the most vulnerable supply chain nodes. Sourcing. Supply chain decisions should not be made on the basis of traditional costing models, but rather, on the total cost of sourcing equations that are adjusted for the expected value of supply chain risk. Testing. Conduct regular mock drills for likely disruption scenarios to evaluate preparedness.

46

APICS INSIGHTS AND INNOVATIONS

Critical components and supply chain nodes. Segment inventory in levels of criticality based on unit cost, sourcing, manufacturing options and lead time to restock. Maintain progressively higher buffer levels for critical segments. Supplier selection and monitoring. Screen critical suppliers based on their risk scores, and mandate the selected ones to institutionalize a realistic business continuity plan. Test the relevance and dependability of suppliers’ plans. Conduct regular meetings or teleconferences with key suppliers to get their opinions and feedback on potential disruptions. Supply chain intelligence. It is vital to keep an eye on each country or region for threats and trends that will affect the supply chain: weather, port and transportation worker strikes, fuel prices, currency exchange, inflation, labor rates, pending legislation, political elections, natural disasters and more. Constantly monitor the supply chain for exception events and assess their potential impacts. Watch supplier quality, raw material price and market demand variations. Finally, employ historical data for operations planning, and avoid certain regions in certain times. For example, Florida ports are subject to hurricanes from June to November. Perishables or other time sensitive goods may need to exclude South Florida ports from their distribution networks through these months. As can be seen from the disruption cycle in Figure 1, efforts can be classified in three phases: 1. Proactive steps before the disruption occurs—building a resilient supply chain, addressing all identified disruption impacts, and investing in early warning systems. 2. Reactive steps when the disruption has occurred and been detected— acting with agility to expedite recovery. 3. Post-recovery steps—performance reporting, reevaluating the supply chain and recovering losses through insurance claims. While the strategic vision must take a top-down trajectory, operational activities need to be implemented from the bottom up. Based on the efforts required before, during and after a disruption, Figure 2 presents a comprehensive framework to build a resilient supply chain.

SUPPLY CHAIN RISK AND REWARD

47

Figure 2: Framework for building a resilient supply chain Proactive: plan for disruption

̥̥ Conduct enterprise-level supply chain risk assessment

Strategic

̥̥ Make risk adjustments to total cost of sourcing equations ̥̥ Design actionable business continuity plans covering all failure scenarios ̥̥ Identify authorities for decision making during disruptions ̥̥ Invest in improving capacity and inventory visibility

̥̥ Supplier selection based on ̥̥ risk-adjusted total cost to source

Operational

̥̥ supplier’s business continuity plan strength ̥̥ Identify alternate suppliers with different operating conditions

Reactive: minimize damage

̥̥ Paradigm shift with less emphasis on efficiency and more emphasis on business continuity ̥̥ Sanction supplies from reliable alternative sources and employ alternate transport nodes and manufacturing facilities in case the preferred options fail (risks associated with the alternate sources should be divorced from those borne by primary sources)

̥̥ Diagnose all the impacts to the supply chain once a disruption has been identified ̥̥ Invoke the business continuity plan to ensure safety of employees and continuity of operations

̥̥ Maintain higher buffer levels for critical components

̥̥ Take swift action to employ available capacities within the organization and supplier network

̥̥ Continuous monitoring of supply chain for disruptions

̥̥ Constantly monitor the situation

Post-recovery

̥̥ Reevaluation of the supply chain to assess the following parameters: ̥̥ effectiveness of the business continuity plan ̥̥ effectivenes of early disruption detection systems ̥̥ validity of total cost of ownership/sourcing equations ̥̥ resilience of the supply chain to future disruptions

̥̥ Prepare a disruption report that covers failure points as a result of disruption, cause and effect analysis, and comparative analysis of disruption performance through industry peers ̥̥ Systematic loss reporting to mitigate issues through insurance coverage as a last line of defense

̥̥ Backup of information systems

Before the disruption

48

APICS INSIGHTS AND INNOVATIONS

During the disruption

After the disruption

Minimizing the Damage

When a disruption has been detected, a rapid shift from an efficiencymaximizing scenario to one based on maintaining business continuity is critical. Senior management must be involved. The business continuity plan needs to be invoked and risk mitigation strategies operationalized. Once the impacts of the disruption are assessed, customer commitments should be reevaluated in the new demand-supply scenario. The frequency and severity of supply chain disruptions has increased tremendously in the past two decades. A resilient, flexible and scenariobased supply chain provides a competitive edge: It is not a choice, but a business imperative. Mohanish Makharia works for the supply chain group at Wipro Consulting Services. He may be contacted at [email protected]. Gerhard Plenert, Ph.D., is a practice partner for Wipro Consulting Services, specializing in supply chain and lean six sigma practices. He may be contacted at [email protected]. Ramanan Sambukumar leads the distributed supply chain organization for Wipro Consulting Services. He may be contacted at ramanan.sambukumar@ wipro.com.

SUPPLY CHAIN RISK AND REWARD

49

50

APICS INSIGHTS AND INNOVATIONS

APICS RESEARCH For more insider information explore APICS research topics at apics.org/research. Reports are available on: n

Project management

n

Remanufacturing

n

Big data

n

Supply chain strategy

n

Sustainability and more

Comments or questions? Contact [email protected].

SUPPLY CHAIN RISK AND REWARD

51

ABOUT APICS SUPPLY CHAIN COUNCIL APICS SCC is a nonprofit organization that advances supply chains through unbiased research, benchmarking and publications. APICS SCC maintains the Supply Chain Operations Reference (SCOR) model, the supply chain management community’s most widely accepted framework for evaluating and comparing supply chain activities and performance. APICS SCC enables corporations, academic institutions and public sector organizations to address the ever-changing challenges of managing a global supply chain to elevate supply chain performance. APICS SCC is part of APICS, the premier professional association for supply chain and operations management. Visit apicsscc.org to learn more.

© 2016 APICS

Smile Life

When life gives you a hundred reasons to cry, show life that you have a thousand reasons to smile

Get in touch

© Copyright 2015 - 2024 PDFFOX.COM - All rights reserved.